Fake myGov profiles are being used to hack ATO accounts, according to a recent ABC report. https://www.abc.net.au/news/2022-12-18/ato-tax-hacked-via-mygov-services-australia-exploit/101781656
A woman named Sue (not her real name) found that about $25,000 was funnelled from her account – without her knowledge – while in a routine meeting with her accountant.
Following the account breach, Sue was forced to go through the arduous process of reporting it to authorities and waiting for weeks to get a response as to what happened.
ABC found there are alarmingly few restrictions around creating bogus myGov accounts. This highlights the need for better security and protection in the myGov and ATO systems to ensure more personal information remains safe and secure.
The ATO has some resources on how to protect yourself online and information on what to do if you have been caught up in a data breach.
You can also play a key role in helping to keep your account safe. For example, you should:
- Make sure your ATO contact details are up to date, so you can be easily notified if a new myGov account links to your ATO record.
- Be careful when downloading attachments or clicking links, even if the message seems to come from someone you know.
- Always access ATO online services directly via ato.gov.au, my.gov.au or the ATO app, not by following a link.
- Keep your TFN, passwords and superannuation account details secure – don’t share your password with others.
- Never reply to emails with your password or other sensitive email (such as your TFN), including to prospective employers.
- Make sure you check ATO online services and your myGov Inbox regularly – if you know everything is in order, it will be harder for a scammer to convince you otherwise.
If you know or suspect that someone has stolen your TFN or is using your tax-related information illegally, phone the ATO’s Identity Theft hotline as soon as you can. They will take appropriate steps to protect your information.
